fix(modsign): load keys to correct keyring

Until now, 03modsign module was loading keys from /lib/modules/keys/* into the
current session keyring.
This change makes it add keys to the secondary trusted keyring. This works
only as long as added certificate is signed by key from the same keyring.

modules.d/03modsign/load-modsign-keys.sh

@@ -7,5 +7,5 @@
 
 for x in /lib/modules/keys/*; do
     [ "${x}" = "/lib/modules/keys/*" ] && break
-    keyctl padd asymmetric "" @s < "${x}"
+    keyctl padd asymmetric "" %:.secondary_trusted_keys < "${x}"
 done